3

I have a login form and I have designed my website in such a way that every user has his own dashboard.

After login, I check if

```php
<?php
if ($_POST['username'] == "ryan") {
    // redirect to ryan's dashboard
}
if ($_POST['username'] == "jpn") {
    // redirect to jpn's dashboard
}
```

and so on for 1500 usernames. Is it fine?

ryan
  • It's fine if you want to give yourself loads of extra work every time you get a new user. What are the names of these dashboards, and are they related to the names of the users, or do you have a lookup table of usernames to dashboards? – Mark Baker Dec 15 '10 at 10:21
  • related to the names of the users. – ryan Dec 15 '10 at 10:22
  • It will work, of course. Remember that you'll have to add code each time a new user registers on your app... Given that you're better using something like `redirect_to($_POST['username']);` and have a function to – acm Dec 15 '10 at 10:23
  • related in what way? And are you checking that username is valid, or just letting the user type whatever they want in the field, so that ryan could see jpn's dashboard if he typed jpn rather than his own name? – Mark Baker Dec 15 '10 at 10:23

6 Answers

4

Put the names and the dashboard URLs in a database. Make one query to look up the URL based on the posted name and redirect. You will have 4 lines of code instead of 6000.

Dan Grossman
  • Hey, that is a great idea. After I run a query and check for a user and get the link from the db, how do I redirect the user? Should I use the header function of PHP? – ryan Dec 15 '10 at 10:24
  • You could do it this way, but my answer is a lot more secure as you are requesting a password too. You also only have the dashboard code once (in one file) but load only the user's data. You can adjust the session length to suit your needs - think the default is 15 or 20 minutes before the user is logged out. I mean using Dan's way, if one user knows another's username, they could oh so easily access another user's dashboard. – ClarkeyBoy Dec 15 '10 at 10:28
  • Just had another thought on this subject... firstly the code which is common to all dashboards would have to be duplicated 1500 times (assuming they are different pages altogether) and common changes would have to be duplicated 1500 times... secondly what happens if the dashboard URL "pattern" changes. For example /dashboard/name.htm to /dash/name.htm? That is one HELL of a lot of changes which cannot be done with a simple find / replace in a database. That would be unnecessary work when it could just be 1 URL suits all, one change if the URL changes. – ClarkeyBoy Dec 15 '10 at 10:44
  • Why are there so many upvotes on this answer compared to mine? Is there some text which is visible to others but not me? Is it the fact that it says 4 lines rather than 6000? I would alter mine so it says something like this, but I can't specify an exact number. It would save a hell of a lot more than 5996 lines of code though... – ClarkeyBoy Dec 15 '10 at 14:25
  • It got upvoted because it was written first, the question author commented on it first, and it's simple. – Dan Grossman Dec 15 '10 at 14:46
  • Only by 2 minutes... and this solution may be simple but it is inefficient, as I said before, due to the difficulty to change the URL pattern, and insecure / inefficient if it is an HTML page altogether per user as they will obviously be accessible to everyone and many lines of code will be the same in all 1500 files. You shouldn't need to store the actual URLs in the database but actually use the stored session username to determine what should be displayed. That's all I'm saying. I don't mean any offence, just making a point that mine deserves more credit for efficiency / security. – ClarkeyBoy Dec 15 '10 at 16:00
1

No. If you really needed to choose between 1500 different routines, you should use something like the strategy pattern.

However, in your case, it's just the same routine (loading a user's dashboard) with different data. The procedures should be the same. How come you need different code to load each user's dashboard?

salezica
1

Think it's a problem in your design...things like this should never happen :)

You should use a script that fetches the user dashboard and only send the user id to that script!

Catalin
1

Firstly, rather than do multiple if statements that way, I'd recommend using the switch statement like this:

```php
<?php
switch ($_POST['username']) {
    case "ryan":
        // redirect to ryan's dashboard
        break; // without break, execution falls through into the next case
    case "jpn":
        // redirect to jpn's dashboard
        break;
}
```

Secondly, I wouldn't recommend doing that at all to redirect to someone's dashboard. You should have a common dashboard and a table with the usernames and dashboard details. Then call the single function with the username.

Jonathon Bolster
0

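You should redirect to 1 dashboard, then use these values in the dashboard.

login php ....

```php
<?php
if ($_POST['username']) {
    // redirect to dashboard
}
```

dashboard php

```php
<!-- escape the name before echoing it into the HTML page -->
welcome <?= htmlspecialchars($_POST['username'], ENT_QUOTES, 'UTF-8') ?>,
...
..
<!-- user-specific things.. -->
```

If you try your code for 1000 users you are going to be tired..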

Murat Kucukosman
0

What you could do is save the username in a session variable, and load the user's dashboard based on the session variable. Assuming you are requesting a password too, you should save both the username and password. Check they are correct and load the dashboard for that specific user.

If they are redirected to, for example, www.your-domain.com/jpn.html, this is insecure as a) it could be indexed by search engines and appear in search results and b) more importantly all users can access each other's dashboards simply by typing in the user's URL.

ClarkeyBoy
  • Amazing idea. I am already storing username and password in a session variable. How do I redirect based on that? – ryan Dec 15 '10 at 10:29
  • You just redirect to www.your-domain.com/dashboard.php and load the user's data based on the values stored in, for example, `$_SESSION["username"]` and `$_SESSION["password"]`. I am not sure if just username and password is secure for these variable names, as I am not a PHP expert myself, but you may want to name them to something unpredictable by hackers. – ClarkeyBoy Dec 15 '10 at 10:31
  • How do I make the data different for different users? Sorry for asking such a dumb ques – ryan Dec 15 '10 at 10:35
  • Well whatever they have in common you put in the dashboard page - such as layout. If they have, for example, points then you store this by the user's name in the database and reference the points next to the username they entered. So you fetch the row containing the user's name in the users table (in the database) and output the value stored in the points column of that row. You have not really outlined much about this project, so points is just an example but you can replace it with whatever you want. – ClarkeyBoy Dec 15 '10 at 10:39
  • With regards to asking a dumb question, we have ALL been there once - no matter how much we deny it! I have asked my fair share in the past myself! Think I have only asked one REALLY dumb question, but a few slightly dumb questions. – ClarkeyBoy Dec 15 '10 at 10:41
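
Added example, not code from any of the posters above: a sketch combining the database lookup from the first answer with the session-based single dashboard from the last one, so the page shown depends on who logged in rather than on a name the browser sends. The `users` table layout, the sample accounts and passwords, and the function names `demoDb`, `login` and `dashboard` are assumptions made for illustration; it uses PDO with the SQLite driver and keeps only the user id in the session, with the password verified against a hash and not stored.

```php
<?php
declare(strict_types=1);

// Constructed sample data: an in-memory SQLite table standing in for the real users table.
function demoDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, pw_hash TEXT, points INTEGER)');
    $ins = $db->prepare('INSERT INTO users (username, pw_hash, points) VALUES (?, ?, ?)');
    $ins->execute(['ryan', password_hash('ryan-demo-pw', PASSWORD_DEFAULT), 120]);
    $ins->execute(['jpn', password_hash('jpn-demo-pw', PASSWORD_DEFAULT), 45]);
    return $db;
}

// Login: one parameterized lookup replaces the 1500 if-blocks.
// Only the user id goes into the session; the password is checked and then discarded.
function login(PDO $db, array &$session, string $username, string $password): bool {
    $q = $db->prepare('SELECT id, pw_hash FROM users WHERE username = ?');
    $q->execute([$username]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['pw_hash'])) {
        return false;
    }
    // In a web request: call session_regenerate_id(true) here, then
    // header('Location: /dashboard.php'); exit;
    $session['user_id'] = (int) $row['id'];
    return true;
}

// Dashboard: the row is chosen by the session, never by $_GET/$_POST,
// so typing another username in a form or URL changes nothing.
function dashboard(PDO $db, array $session): string {
    $q = $db->prepare('SELECT username, points FROM users WHERE id = ?');
    $q->execute([$session['user_id'] ?? null]); // no session id matches no row
    $u = $q->fetch(PDO::FETCH_ASSOC);
    if ($u === false) {
        return 'Please log in.';
    }
    return 'Welcome ' . htmlspecialchars($u['username'], ENT_QUOTES, 'UTF-8') . ', points: ' . (int) $u['points'];
}

// Demo with a plain array standing in for $_SESSION (pass $_SESSION after session_start() in a real page).
$db = demoDb();
$session = [];
var_dump(login($db, $session, 'ryan', 'wrong-password'));
echo dashboard($db, $session), PHP_EOL;
var_dump(login($db, $session, 'ryan', 'ryan-demo-pw'));
echo dashboard($db, $session), PHP_EOL;
```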